- Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
- Which department or person should play the key role in defining master data and assuring it’s quality?
- Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
- Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
Sean Patrick Walsh says
1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
Since master data is so important and used in many different processes, controls must be put in placed to assure the integration of the data works for all. The business should have a policy/process in place stipulating what is “true data” and how it should be correctly entered into the master data records. The personnel trained to enter and check the data should have their duties segregated from the duties of personnel who enter transactions that use the master data. Routine maintenance of the master data should be done on a set time basis to ensure the data is accurate and any changes made are correct. These controls ensure that all the processes that interface with master data records are assured of the accuracy and dependability of the data.
Brou Marie Joelle Alexandra Adje says
Right Sean, accurate data and reports are the life blood of an effective sales force. Without it, management doesn’t have the data to make good decisions and sales reps don’t have the tools to turn leads into customers. The result? Lost opportunities and revenue, frustrated users and customers, and a lack of user adoption. It is also good that you mentioned the need for SoD, there are actually a lot of SoD conflicts in SAP that an negatively impact the accuracy/quality of the data.
Joshua Tarlow says
Accuracy is absolutely essential for the integrity of business operations. I definitely agree about the need for SOD relating to master data. Especially importing when considering data that is manually entered. Increased risk for inaccurate data to be entered, and if the same person is validating the data, then there is higher probability of the error not being corrected. In this example, a separate person should review the master data entries to ensure the integrity.
Tiesha Christian says
Joshua – Yes, it is important to any business operations. In having SOD in place when handling master data, It ensures the inergrity of the data. Stakeholders can rest assured that the what is being reported is correct and sharholders can make some important decsions because they can rely on the information being provided by the company. SOD can avoid many detrimental vulnerabilities in a company.
Jaspreet K. Badesha says
Yes, I agree. In a particular example this is true is my cousin worked for a pharmacy and did data entry. When the data entry was completed it went to a second person to review the information and then a third to validate and then sign off on all of the information to ship the item, The reason why they have so many people validate information is to confirm that the data is correct. If this data is incorrect or patient information doesn’t match it could lead to the death of a patient by incorrect prescriptions.
Jaspreet K. Badesha says
1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
Master data is an integral part of the ERP system and is the foundation to most processes. Therefore, there need to be controls in place that allow accurate data to be inputted. For example, if someone is entering a phone number the field should be formatted for phone numbers and only allow numbers. Another control that should be implemented is the segregation of duties; the same person should not be allowed to complete an entire task on their own, making multiple people input information will ensure that each person will review the information and validate it before completing their portion. This will properly enforce a segregation of duties.
Jaspreet K. Badesha says
ignore this it is not a reply but a post.
Sean Patrick Walsh says
2. Which department or person should play the key role in defining master data and assuring it’s quality?
I would think that the accounting department would be the department that defines master data and assures it’s quality. The three kinds of master records we learned about are material, customer, and vendor master records. All three of those records deal with money paying out for, paying out to, or coming in from transactions that relate to the data those records store. If the wrong data is collected, or the data is inaccurately entered into the records, then the business’s transactions that are associated with data from those records could cause serious financial difficulties for the business. By placing the onus of defining the data and accuracy of the data of those records on the accounting personnel, those personnel are carrying out their responsibilities of properly controlling the finances of the business and ensuring the business processes that involve “money changing hands” are taking place with the correct and accurate data necessary.
Joshua Tarlow says
I agree that the accounting department should define and control the master data. While all three sections include financial information/transactions, they are predicated on the accuracy of the data from the accounting department. If that data is not correct, then the rest of the process can be corrupted.
Said Ouedraogo says
Good point Sean and Josh! I would just like to add that the accounting department is like the last step of the process. As Sean mentioned it, “[master records] deal with money paying out for, paying out to, or coming in from transactions that relate to the data those records store”. It is imperative then that the accounting department assure the quality of those data.
Priya Prasad Pataskar says
Agree with your point Said. Accounting department would come at a point when transaction is half way through. Till this point lot of data will be collected and entered into the system. I think SOD is the answer here. Every department who are entering data into the ERP software must ensure its quality and accuracy. Setting up automated controls will help in mandating the accuracy of information. Thus while initializing the software lot of effort must be taken to hold each individual department responsible for the data they enter.
Paul Linkchorst says
Hi Everyone,
I am going to disagree here and don’t think that the accounting department is the correct area to define and manage the Master Data. This could be a segregation of duties issue.
If I am a member of the Accounts Payable department (under Accounting), what if I could define the vendor master data? That means I could create a fake vendor into the ERP system. Since I am a member of the Accounts Payable function, I could theoretically be able to make a payment to the fake vendor that I created into the system. As we learned in Week 9, in regards to Master Data there are two concepts that should be followed which are;
• Person who creates / maintains customer master data should not be the person who processes customer orders or receives payment.
• Person who creates / maintains vendor master data should not be the person who processes purchase orders or processes vendor payments.
These functions can be segregated within the accounting department with the right controls in place. However, without segregating these duties properly there could be a high potential for fraud. Therefore, I do think it would be better off if the defining and management of master data belongs to another department within the organization.
Said Ouedraogo says
Paul,
Theoretically you are right. However, do not forget that SOD also works within a department. That being said, it wouldn’t be wise to allow Account Payable to create vendor account. Their job is to pay the vendor, they have nothing to do with vendor account creation.
Tiesha Christian says
Sean – I see what you are saying but I do not agree. I think this sort of critical task should be left to the CEOs and CIOs of the company. If direction is coming from high up and being captured. THere leaves less room for problems that may arise when other department manage such sensitive data.
Magaly Perez says
1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
The Master data in the ERP system is a highly integrated function and is used in multiple processes which, effect different sectors of an organization. With that being said, due to its importance within the ERP system, controls must be incorporated and created so that the data can work properly within the different processes. Conversely, if an error is present in the master data it can wreak havoc by causing errors in all the applications that use it. An organization can attempt to assure the master data is integrated well by:
– implementing data governance through segregation of duties, etc.
– developing master-data policy and models
– designing infrastructure
– generating and testing master-data
– program maintenance
Although, these are just a few ways an organization can attempt to assure the master-data is integrated there are many more. The controls listed above help ensure that a business’s master-data is created and maintained accurately. Overall, no matter the size of a business they must establish a master-data maintenance and governance processes and procedures, so that in return that their master data is accurate and functions properly throughout the ERP system.
Brou Marie Joelle Alexandra Adje says
Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
I think the sensitivity transaction codes vary depending on the time of year and the characteristics of the business. However, transactions like FS00 (G/L Account Creation) for finance teams can be delicate because if they aren’t controlled strictly, there’s a risk of duplication or the creation of “dummy” GL accounts. Not only can this cause confusion, but it can also cause misallocations and potentially fraud.
Magaly Perez says
2. Which department or person should play the key role in defining master data and assuring its quality?
I think that the financial department should play the key role in defining master data and assuring its quality. I based this assumption off our use of the SAP system; the vendor master file is an initial process in the accounts payable and procurement process. These processes contain monetary transactions and should be handled by the finance department. By having the finance department in charge, limits the amount of individuals within the process as well mitigates the risk of unauthorized use, fraud, theft, duplicate payments and overall inefficiencies.
Brou Marie Joelle Alexandra Adje says
Laly, I actually read an article which mentioned the need for financial master data management (MDM). In fact, investing in a Financial MDM is a good way to align master data in different applications and does not require a huge budget. Financial MDM allows business users to centralize, update and publish trusted and relevant master data to systems and to end-users. Note that the specific types of master data managed by financial departments are: charts of accounts, legal entities, organizational dimensions, analysis dimensions using general ledger accounting flexible fields and reference data.
Do you think that because of its sensitivity, financial data needs to be governed?
Magaly Perez says
Hey Alex, great input. I actually just looked up and Financial MDM and it is very applicable to my post. As for your question, most certainly. I think all aspect of an organization should be governed but specifically answering your question to financial sensitivity most definitely. I believe it ensures procedures and protocol are in place and are being monitored when handling the sensitivity of financial data throughout the financial department.
Deepali Kochhar says
Definitely, governance of sensitive data is very important in order to avoid accounting scandels such as Enron and worldcom.
Here comes the role of segregation of duties and data ownership. This helps in creating a clear picture of who is responsible for what and ultimately helps in tracking down each and every transactions made at lower level and verifying everything is going in right direction at a higher level.
During audits it helps auditor to get an idea of who can answer what questions and determining that all transactions are being managed correctly. Therefore helps in monitoring.
Brou Marie Joelle Alexandra Adje says
1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
Master data are those data that are the most critical to an organization’s success and which are usually created, maintained, and shared among many applications. In order to assure the success of its integration in ERP system organization need to enforce certain controls such as segregation of duties to decrease the level of fraud. Organizations should also enforce business rules and policies and guarantee the transaction is correct.
For example, when creating a sales order, the transactional system should guarantee that customer data on the order is not duplicated and that address data are correct and current .
Sean Patrick Walsh says
I agree that controls are necessary to provide assurance of integration of master data for all. Policies and procedures stipulate who creates master data, and how it is created. Controls are what ensures those policies and procedures are carried out correctly. Controls catch errors, intentionally carried out or not, and ensure the master data is accurate and complete for all parties who use it for their processes.
Ming Hu says
Nice point. Controls are an obvious, yet necessary component to master data governance to assure the integration of master data into business process, by establishing solid control at the onset, these controls will monitor and audit the usage of the system in real-time in order to alert a data steward of any possible issues and/or exceptions. Additionally, all changes to master data will need to be tracked in order to document the lineage of such changes.
Paul Linkchorst says
2. Which department or person should play the key role in defining master data and assuring its quality?
In my opinion, I think whoever defines the master data should be the same person as the one who manages that data of the business function. To further explain, I believe that the one to define the material master data should be the one who manages the material itself. This is because that process owner or user will have the knowledge of that material and will be able to determine how that data should be categorized. The one hang-up that I see is that these process owners generally won’t have a strong knowledge on maintaining the quality of the master file. Therefore, the quality would be up to the data management department to make sure that master data is accurately entered and maintained.
After doing some research I found that it turns out that organizations sometimes appoint what they call a data steward. This person should be someone familiar with the source data and can converge that source data into a master-data format. Likewise, they should be appointed by the data management personnel and the business users. This makes sense since you need someone who understands the material, vendor, or customer but also have a strong knowledge of how it should be implemented into a master file to be used throughout an organization.
Source: https://msdn.microsoft.com/en-us/library/bb190163.aspx
Brou Marie Joelle Alexandra Adje says
Paul, I like the fact that you mentioned the idea of having a data steward. It is an ideal position to help with an effective governance strategy for data quality, since governance must cascade across the entire organization to ensure that appropriate accountability is enacted and enforced. In fact among other things, data stewards are responsible for the elements that support data sharing and master data management objectives, and ensure the consistency and accuracy of data as it flows from one application to the next.
Joshua Tarlow says
I hadn’t considered a data steward position before. Definitely makes sense, especially for larger organizations. It can be very easy for data to become siloed in each department, along with rules and procedures. While it may makes sense for the individual departments, can create larger issues and risks for the organization as a whole. Without a person responsible for ensuring standards enterprise wide, over time each department will diverge away from one another.
Sean Patrick Walsh says
I can’t say I agree that having whoever manages the material should necessarily be the one who controls the master data for the material. I think allowing whoever controls the actual material also control the data of the material could create the opportunity for fraud or error to take place. That is only “one set of eyes” on the material and its associated master data, and that creates the environment for personnel to take advantage of for theft and the ability to potentially hide it in changing data.
I like the concept of the “data steward” that you brought to light though. Personnel in that type of role have no incentive to manipulate data to personally benefit. Removing the incentive/pressure side of the fraud triangle makes this a good example of separation of duties in your example.
Said Ouedraogo says
Sean,
I agree with you on that one. In fact, it increased the probability of fraud if the same person manages the material and controls the master data. Those duties need to be segregated, especially that monetary transactions are involved.
And let’s even forget about fraud. The person who manages the materials can make mistake, it always good to have another person “eyes” on it for quality purposes.
Fred Zajac says
Sean & Said,
I would have to agree with Paul with his comment about the Data Stewart, and believe the Data Stewart would fall under the CIO in the IT department.
I see how some may think accounting should be the main player, but since the master data is used by so many different internal and external IT resources, MDM (Master Data Management) would fall best in the hands of the IT department / CIO. This doesn’t discount the value of having higher level management overseeing the department or CIO. Again, MDM doesn’t influence business decisions, business decisions influence MDM. How it is stored, mapped, configured, as well as the Confidential, Integrity, and Available.
Poorly mapped data, configured integration, storage procedures, controls, are also a main part of managing the master data. I don’t know if the accounting department should hire a technical person to properly build, manage, and maintain the data base.
Paul Linkchorst says
Sean and Said,
I might have not worded my response to the question appropriately. I think that defining the Master Data should be left responsible to the actual individuals who utilize the person/things that the Master Data is representing. For example, the vendor management personnel should have a say in how the Master Data is defined since they will be the main users of this data and will want a configuration that is clear and understandable. However, the data management personnel should be the department responsible for maintaining and managing the data within the various software applications, focusing on CIA. This is where the data steward comes in and can blend the knowledge between the two areas. I think if it was just the data management personnel defining the Master Data it might not be as user friendly as if it came defined from the users themselves.
I hope I was able to clarify my answer a little bit better.
Paul Linkchorst says
3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
In my opinion, I would say inaccurate data is a bigger risk than excessive, repetitive data. Two reasons for this is due to decision making and compliance. Data is more or less knowledge that can be used by those within an organization to make decisions. Sales trends, pricing, advertising, inventory turnover, manufacturing rate, and much more are all ways in which data can be used in making decisions. If the data that is being used by a decision maker is not accurate, then the decision made could be incorrect leading to financial loss and depletion of resources. For example, if I am a retail store and my data tells me I have only 10 t-shirts remaining when in fact I have 50, and then I just over purchased inventory costing me money and inventory space.
The other risk I would say that inaccurate data could affect would be compliance. Data, again, is more or less what the financial statements of a company represent. From that perspective, organizations have a duty to properly state their financial statements, especially for those companies that are publicly traded and owned. Inaccurate data that is material to the financial statements can prove to be a compliance issue, which could result in lawsuits, reduction of stakeholder trust/investments, and finally the cost to reproduce the organizations financial statements. I think overall inaccurate data is more of a risk to a company.
Brou Marie Joelle Alexandra Adje says
I definitely agree with you on the fact that inaccurate data present bigger risk for a company. Take the example of a company who send personalized documents to their customers. Sending the wrong information to the wrong person can have detrimental effects on their business. Some of the consequences include, breaking customer confidentiality ( by sending a customer data belonging to one of their competitors for example. This would. reveal sensitive price or order information that compromises their competitive advantage), loss of sales and customer loyalty.
Paul Linkchorst says
Hi Alex,
That is a good point that you brought up about how inaccuracy in the Order to Cash process can lead to customer unsatisfaction.
Yu Ming Keung says
Good point Paul,
Inaccurate data is absolutely the real danger for a publicly traded organization because investors or creditors would invest and do the research based on the annual/quarterly report. Inaccuracies of data can harm the business reputation and the trust / confidence with its investors. I think the Accounting department would have the responsibility to ensure the data is accurate and the external auditors would ensure the accuracies of the financial statements based on the reasonable assurance principle.
Paul Linkchorst says
Hi Yu Ming,
I am going to take this one point further. I would say that all one must do is look at how much an organization spends on making sure data is accurate versus reducing data replication, in order to identify which they find more important. Company’s spend millions on having their financial statements audited as well as implementing ERP systems throughout their company. From an audit standpoint, they need to do this for compliance but also want to make sure that their data is accurate for financing purposes. From the ERP implementation standpoint, this it to make sure that information and data is accurately recorded and moved throughout an organization in an effective and efficient manner. With that being said, I would agree to an extent that it is the accounting departments responsibility to ensure that data is accurate. I do think the ultimate group responsible for the accuracy of financial data is that of the upper level management within an organization.
Fangzhou Hou says
Exactly, I agree with you Yu-Ming that the inaccurate data is danger for publicly traded organization. From the publicly traded organization’s perspective, the financial statements and the Form-10K are required to be disclosed to the investors, and if the data within the financial statements are inaccurate, or even exist huge gap comparing with the real business performance, it may cause potential risks in fraud and negatively affect the investors and shareholders, therefore, the accuracy of data is truly important for the organizations.
Paul Linkchorst says
4. Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
After doing some research, one of the transactions that I found which should be focused in an SAT audit is that of transaction FI12. This transaction allows the users to edit the bank account to be used within the SAP system. This bank account is used within the system to make and receive payments. For someone to be able to change this, you run the risk of fraud or theft. This seems to be a risk that comes right out of the movie Office Space, where a couple of employees changed the program to send themselves the rounding differences of all transaction in the company to their bank account. Due to this, this transaction should be limited in who can access it and therefore be one of the more sensitive transactions within SAP.
Source: http://www.saponlinetutorials.com/define-house-bank-in-sap-house-banks-overview/
Sean Patrick Walsh says
I agree that the T-code you identified is definitely sensitive to fraud and error. The personnel who have authorization to execute changes with that transaction should be very limited. Those personnel should also probably have strict background checks carried out through administrative control policies to properly vet before receiving access and authorization to that T-code.
Said Ouedraogo says
Sean,
I agree with you 100%. Also, I think there should be a second group that would validate the new/modified bank account. In that way, people who are granted access to transaction FI12 would not be able to commit fraud.
Magaly Perez says
4. Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
I think F110 is the most ‘Sensitive’ transaction and should have an extra focus in an SAT audit. F110 is a T-code that can be executed by users based of their SAP authorizations; this code is known as “Payment Run/Automatic Payment Transactions”. As you know, t-codes are based off the user’s authorization and with that being said it presents the risk of someone misusing that t-code. If misused, it can significantly impact the whole business.
-Source: http://www.xpandion.com/Blog/the-three-most-sensitive-t-codes-ever-what-are-they.html
Brou Marie Joelle Alexandra Adje says
Laly, you are absolutely right.
Also if you think about changing an existing master data for vendors / customers such as bank data can lead to fraud if not properly monitored. For example, if the person authorized to edit master data can change the details without confirmation, he/she may change the bank account of the vendor to his/her own bank account which can be left unnoticed. Upon execution of the automatic payment, the fraudulent bank account is debited instead of that of the vendor. Even if this can be detected through executing the report for master data changes, it would be little too late to prevent the fraud.
Magaly Perez says
Alex, great point. Your reply actually had me thinking from an auditors perspective. I researched the web and found a list of t-codes which are used in order to monitor the master data record. I was able to find this site which discloses codes in order to track and monitor controls. We have actually used a few of these transaction codes. Obviously, with fraud you don’t find out about it until it is too late but you can attempt to mitigate those risk by implementing controls as well as testing those controls.
Here’s the link: http://mydailyexecutive.blogspot.com/2009/01/useful-sap-t-code-list-for-auditing.html
Fred Zajac says
Laly,
I agree this is the most sensitive process. As I mentioned in my answer, this is access to the cash, or most liquid asset. Financial gain is one of the biggest pressures for committing fraud. Having the ability to change bank account information is a very powerful position, with many opportunities to commit fraud. We can’t stop the cash transaction procedure, so to reduce the opportunity, Segregation of Duties is used by several organizations.
Said Ouedraogo says
1. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
I think inaccurate data is more of a risk to a company than excessive repetitive data. There are many tools that can be used to filter and get rid of repetitive data, whereas there are few tools to detect and/or correct inaccurate data.
Data are used in almost all the activities of companies and constitute the basis for decisions on operational and strategic levels. Inaccurate data can, therefore, have significantly negative impacts on the efficiency of an organization. In fact, inaccurate data can lead to financial loss, decrease customer satisfaction, and lower performance.
For example, let’s say you are an oil and energy company and one of your customer is a gold mining company. In order to operate efficiently in the next 4 weeks, the company orders 10,000 gallons of fuel. You accept and process the order because your inventory management system is showing that you have enough fuel quantity to fulfill the order, but in reality your fuel stock quantity is less than 10,000 gallons. Then, you realized that you can’t fulfill the order because you do not have the quantity requested. You will lose credibility and the gold mining company account as they will go to your competitors.
As said above, inaccurate data can imply a multitude of negative consequences in a company.
Wen Ting Lu says
I agree with you that excessive repetitive data problem is easier to resolve compared to the inaccurate data. With inaccurate data, there are so many negative impacts associated with it. I also like your example, it is always not a good sign to have deficient inventory because if customer didn’t get what they wanted, they are most likely turning away to somewhere else. Personally, if I really want a certain item and it’s not available in the store A, then I will look for somewhere else to purchase it (store B). I will probably coming to store B more often in the future if I am satisfied with the item I purchased. In store A’s situation, it didn’t make profit due to not having enough inventory, and it also lost a customer like me because she is not satisfied.
On the opposite, excessive inventory can lead to a cash flow problem as well. For example, back in 2013, Blackberry was facing cash flow problem. Since the product life cycle is short, there is a little chance to sell old inventory afterward. Once the company has many outdated products, the inventory affects the operating cash flow negatively unless it disposes of the leftover.
Both examples shows the important of keeping accurate data because it will help the company to make good decisions based on the performance.
Sean Patrick Walsh says
Your example of inaccurate data shows some of the potential consequences that a decision made with inaccurate data can have on a business. I think inaccurate data and excessive repetitive data can both be equally risky for a business. Couldn’t inaccurate data be built into repetitive data? For example, say a business has multiple entries of an address for a business, and some of the entries are not the current address for the business. An order placed by the business that is placed with the user referencing a repetitive record could go to an inaccurate address. I think inaccuracy is the greater risk, but since it can be built into excessive repetitive data, it could easily go uncorrected since the master data record keeper may not realize there are more than one record out there available for use in transactions. Does that make sense?
Said Ouedraogo says
Sean,
It makes sense to me. In fact, sometimes excessive data can lead to inaccurate data. And your example illustrates perfectly the situation. However, as I said in my original post there are tools that can be used to get rid of excessive data. In your example, you talked about multiple addresses. Some businesses allow you to update your address when moving to a new place. Generally, the change is also made directly to the business database. And all new orders from you, should be delivered to your new address.
Wen Ting Lu says
3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
I think inaccurate data is more of a risk to a company compared to excessive repetitive data. In twenty-first century, data and people are the most important asset to a company. The company can lose its physical assets and still remain in business; however, it’s difficult when a company lose its knowledge assets, which are people and data. If the data is inaccurate then it will negatively impact the company in the decision making process, no matter it is the sales department, marketing department or accounting department. Automatically, it will lead to financial loss, as well as ruin the company’s credibility due to dropping in customer satisfaction.
A typical example of how inaccurate data can negatively affect the company is when the amount of inventory is entered incorrect, and the inventory on hand is not enough to meet the demand of the customer needs. In this case, the company not only losing the opportunity to make profit, but also make the customers unhappy and they might find an alternative because they didn’t get what they wanted. In a more severe case, if there was a contract between the company and the customer and it specifically stated the amount of supplies must be provided for example at the 20th of each month , then it might lead to a legal issue for not meeting the contract for the supplies guaranteed.
Joshua Tarlow says
Which is more of a risk to a company: inaccurate data or excessive repetitive data?
Inaccurate data is a greater risk to a company than excessive repetitive data. First, both can be costly to an organization, which is the primary risk of repetitive data. Data must be clean before it can be analyzed, which is resource intensive. Unlike repetitive data, inaccurate data’s risks extend far beyond data management and productivity. Business decisions and operations are predicated on the accuracy of the company’s data. Inaccurate data can lead to unsound business decisions. For example, a company could be forecasting sales projections and determining inventory orders. If the data is not correct, than the subsequent inventory orders will also be wrong.
Another risk inaccurate data exposes companies too is compliance/regulatory/liability. Invalid data can lead to a myriad of errors in business functions/operations/services. A hospital may have incorrect patient data, which may lead to incorrect medication dosages. A health insurance company can mix up addresses, misspell names, or another error that causes the system to send medical information to the wrong person. In these examples there is a medical malpractice liability risk and HIPAA violation. Both leading to exposures in reputation in addition to monetary losses.
Ming Hu says
3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
Both inaccurate and excessive repetitive data can negatively impact your business. As for me, the inaccurate data would more likely be a risk.
Negative impact of the inaccurate data:
Losing customers – business have a small window of opportunity to obtain and retain their customers, once they betray their trust, those customers are usually gone for good, the inaccurate data can have a lasting and negative impact on the reputation and customer experience.
Damaging brand – inaccurate financial reporting would hurt the company’s credibility with the board of directors and investors. For a non-profit organization, it may affect donations.
While excessive repetitive data does have the capability to engender negative impacts, such as efficiency, cost overrun, different from the inaccurate data, most of these negative impacts exist in the company, it could be fixed from within. However, losing customers or damaging brand, such of these negative impacts will take you long periods of time and more resources to restore the previous state.
Deepali Kochhar says
To add to your point Yu ming, inaccurate data may also lead to Invalid reports, Lower productivity and Loss in Revenue which ultimately leads to loss of business and finances. For this reason, it is very important to maintain data integrity which generating reports . This helps in evaluating the exact results for a business.
Yulun Song says
In addition to your point Ming. Inaccurate data also negatively influences decision-makings and delayed decision-makings to top management. also, it also wasting time and money to check and find out and correct those inaccurate data.
Annamarie Filippone says
Q1. Master data in an ERP system is highly integrated with various processes and affects many parts of the organization. How does an organization assure this integration works well for all?
Due to the reliance other processes have on the master data in an ERP system, it is crucial that the master data is created and maintained appropriately. One control that should be in place is segregation of duties, which reduces the chance of fraud or errors. In addition, policies and processes should be documented that clearly dictate who is responsible for inputting/maintaining master data. Maintenance must be done regularly to ensure the continued accuracy of the data.
Binu Anna Eapen says
I agree with you Annamarie. Master data management becomes complex especially when the company grows through merger or acquisitions. Any merger will create a duplicate master data. Database administrator resolves this by a process called as deduplication which is a data compression technique for eliminating duplicate copies of repeating data. But as the master data increases it becomes even more complex and difficult to integrate. Poorly integrated master databases can cause serious operational problems in areas of operational efficiency, customer satisfaction, decision support and regulatory compliance.
Wenlin Zhou says
I agree with you. Master data management is key to regulatory compliance. Keeping master data up-to-date is usually a request-driven process that involves multiple people and many steps, often with less-than-ideal results. Poor master data quality and duplicate master records are common issues, leading to problems and high costs in other departments when processing orders and invoices. To alleviate these issues, master data processes have become more centralized and restricted.
we simplifies the process of fulfilling requests for master data changes, such as adding a supplier or changing customer and vendor master data. the solution includes a documented, automated workflow that offers a single point of entry, approval and execution.
Annamarie Filippone says
Q2. Which department or person should play the key role in defining master data and assuring its quality?
I believe that the accounting department would be the department responsible for defining the master data and assuring its quality. However, I do not think they should act alone when it comes to defining the data. The departments that utilize the master data for their job functions, such as material management, should be able to give their input on it as well, since they will be the depending on it. However, it should ultimately be up to the accounting department to finalize the master data and continually monitor for quality.
Deepali Kochhar says
you made a good point Annamarie, it is always good to have 2 level authentication to manage quality. it can be possible that one might miss a mistake and it comes in the notice of other. Also it helps in getting different opinions. definitely accounting department will have dependency on material management and if both remain integrated, they can better define master data.
Annamarie Filippone says
Q3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain.
While both are risky for a company, I think that inaccurate data presents a greater risk. For one thing, there are many ways to filter out repetitive data, while the same cannot be said for inaccurate data. In addition, data is used for decision-making and business transactions all the time and inaccurate data could lead a company to make choices that are in fact not good for them. In addition, it could also lead to mistakes, such as the wrong accounts being charged/credited or shipments going somewhere they shouldn’t.
Annamarie Filippone says
Q4. Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain.
I don’t believe there is one correct answer for this question, since the transactions used by an organization and deemed “sensitive” will vary depending on the processes common to that organization, as well as who you ask. With this in mind I attempted to find transactions that would be common across organizations and that could pose a serious risk. Transaction code PFCG (Role Maintenance) is one that I think is very sensitive no matter the company. Role Maintenance allows users to create, change, and assign roles and authorizations. This grants a lot of power to users that can access it, and could lead to inappropriate elevation of roles or authorizations, which is why this transaction code should only be utilized by a select few within a company.
Said Ouedraogo says
Annemarie,
Interesting! I think having access to that specific transaction can lead to an abuse of power. In fact, people who have the privilege of assigning roles in the system can basically do what they want. I would just like to know what are their job title in the organization and what are their day-to-day activities.
Binu Anna Eapen says
Well written Annamarie. Role maintenance is definitely very sensitive area and improper/incorrect access given to anyone can result in fraud. Role maintenance and profile generator (transaction PFCG) can maintain roles, profiles and authorizations. A central user administrator can create new roles as well and assign these roles to any no. of users. Roles contain the authorizations with which users can access the transactions, reports, Web-based applications, and so on that are contained in the menu. If roles are not properly assigned or assigned to wrong group of people it can stop people from properly functioning as well as misusing the wrong privileges.
Priya Prasad Pataskar says
Indeed Annmarie. PFCG is a sensitive transaction. Each department will have their own answer to call a transaction sensitive. If we talk about department managing users and authorizations, then probably SU01 (User Maintenance), PFCG (Role Maintenance) and SCC4 (Client Administration) would be treated as senitive. Sensitivity is seen through the eyes of their own department as that will help them identify risk in what they understand best.
Mansi Paun says
Well said, Annamarie – there is no one “correct answer” to which transaction is the most sensitive as it would purely depend and differ on factors like department, time of the year, specific role or position and the type of organization. From SAT Audit perspective however, I believe that any transaction that enables users to modify the G/L accounts should have extra focus.
Ming Hu says
4. Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
Access transactions are the most sensitive, because they enable users to create, modify or delete G/L accounts, therefore, access should only be granted to specific group of users for specific business needs. Otherwise, the loss or theft of data and information may expose the company to liability and have an adverse impact on the company’s business.
Here’s some examples:
• FSS1 Create Master Record in Company
• FSP0 Create G/L Acct Master Record
• FSP1 Cross-System Company Codes
• FSP2 Change G/L Acct Master Records
Source: http://www.winshuttle.com/blog/sensitive-transaction-codes-sap-year-end-audit/
Yu Ming Keung says
Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
In my opinion, Inaccurate data is definitely a bigger risk to harm and threat a company. The first reason is that it affects the decision making of stakeholders including the company itself. Inaccurate data can cause faulty reporting that can hurt the company’s credibility with the board of directors and investors. If the organization is a publicly-held organization, it will then risk a buyer uncovering the inaccuracies – or worse, buying the business and discovering the flaws after the sale. The company will then face litigation. An outside independent auditor who will assure that generally accepted accounting principles are followed can allay these woes.
Furthermore, inconsistencies and inaccuracies of data can pollute a data source, this might cause difficulties in performing data analysis. For transactional systems, it means that orders taken incorrectly, or error occurring in packaging, documentation or billing can cause dissatisfied customer, or can result in additional material and labor costs. Excessive repetitive data can also harm a business but I believe it wont be as dangerous as inaccurate data.
Ming Hu says
Nice point. I believe that inaccurate data might not only cause difficulties in performing data analysis, but also may generate a totally wrong analysis result. We all know how important the data to an organization, the company relies on the results of data analysis to make decisions to design promotion strategy or provide customized customer service. But if the data is wrong, for example, if a retail company designed its targeted sales strategy based on wrong sales data, the company may not be able to correctly realize the selling trends and the investment would go down the drain.
Fangzhou Hou says
Totally agree. The accuracy of data is extremely important for an organization, especially those major published companies. Since the financial statements and other evaluation information like the Form 10-K are required to be disclosed, if the data is inaccurate, the investors and shareholders may misread the company’s performance and make wrong decisions. Also, from the strategic perspective, inaccurate data also negatively affect the decision making of the management, and this may damage the company in the long-term.
Binu Anna Eapen says
3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
Ans. Missing, incorrect or inconsistent master data leads to processes with errors having unreliable information. The quality of the customer master data has immediate influence on sales-relevant operation of an organization and can influence the success of the business. Hence the quality of master data is very important. Both inaccurate data and excessive repetitive data are risky to the company and controls needs to be in place to mitigate this. If I have to choose between the two, I think inaccurate data is riskier. Because for excessive repetitive data we can have controls to mitigate by reconciliation or by checking for duplicate entries. By checking the date of transaction and other details it is easier to check for repetitive data and eliminate them. Completion check and data validation needs to be in place.
But in case of inaccurate data, which can mean missing transactions or erroneous entries it becomes difficult to track or correct the system. Data accuracy check needs to be in place. And reconciliation or cross verification helps. But missing entries or wrong entries if not detected can have huge impact on sales operations.
Priya Prasad Pataskar says
I agree with your point Binu. Inaccurate data is more risky. I think excessive repetitive data can lead to inaccurate data. Repetitive data would be in place when there is improper integration of data. Lets say vendor details are present in vendor table as well as material table. If there is an update in vendor contact number and address and someone updates only the vendor table forgets to update the material table. In such case inaccuracy will arise. Organizations should focus on having master records and normalize the tables to have minimum repetitive data.
Repetitive data would lead to memory wastage and scope of inconsistent values.
Said Ouedraogo says
Actually, your post made me realized that the real problem is human. In fact, both inaccurate and repetitive data are the result of humans as they are the one generating or creating those data. And, as you said repetitive data can lead to inaccurate the data. The cause of that is that at some point someone made a mistake. My point is, it is not which one is riskier but how risky can be human errors to a company.
Priya Prasad Pataskar says
Q] Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
A] ERP contains combination of several modules like finance, sales and distribution, materials management, manufacturing and production control, human resources, plant maintenance and quality management. These modules need data in integrated format so as to work all these modules to manage entire workflow. Master tables lie Vendor, Supplier, Customer, Materials will be referenced in all modules and shared by different applications.
When sharing data across functions the concern is regarding
1. Accuracy
2. Completeness
3. Consistency
Companies need to have well established and standard processes to ensure accuracy of master data and clear integration process
1. Well defined procedures for master data maintenance and integration
2. Clearly define ownership of data
3. Well defined roles and responsibilities and SOD to add, modify, update master data entries
4. Documentation and sign off on the documentation. Educate all stakeholders about the process
5. Audit trails of master tables and log maintenance
6. Proper data mapping templates
All the ERP softwares use Master data management tools. In terms of SAP let me discuss the process and the tools used,
1. Initially setup master data management process and define procedures – MDM remote system extractor in SAP
2. Extract master data from various modules – MDM remote system extractor in SAP
3. Load master data from various sources to help accurate integration – MDM import mechanisms in SAP
4. Integrate master data – MDM business content in SAP
5. Distribute master data to various targets – MDM Syndicator in SAP
6. Process data with applications and API’s – MDM API’s and web services
Wenlin Zhou says
I agree with you. The master data bring a lot of benefits. For example, Controlled collection and execution of all master data requests throughout the organization. Simple-to-use web application as entry point for any master data request. Integrated approval routines align with established business processes. Improved visibility with single point of processing and full overview of requests. Simplified procedure reduces processing time and activities required for master data updates. Runs inside SAP with SAP GUI or web browser interface. Improves compliance management for master data handling. Seamless integration with archive system (SAP ArchiveLink certified)
Yu Ming Keung says
2. Which department or person should play the key role in defining master data and assuring it’s quality?
After my research for master data, it is any information that is considered to play a key role in the core operation of a business. Master data may include data records about material master, clients and customers, employees, inventory, suppliers, analytics and more. Master data is typically shared by multiple users and groups across an organization and stored on different systems. I would think that the finance and accounting department would play an important role to define master data and assure its quality. It is because all of those functions of master data involves transactions occurred in the organizations and finance and accounting departments are responsible for transactions. For example, a single transaction would need to verify the accuracy of client’s information, pricing, inventory availability. Finance and accounting department would ensure there is no wrong data being enter into the record to ensure the quality of the master data.
Abhay V Kshirsagar says
Yu Ming,
I agree. During my internship, our ERP software wasn’t integrated with the CRM and hence one of the primary jobs of the sales team was to feed in data that the customers provided in CRM, into the ERP for further processing. So, for the customer master data, the sales team was responsible for managing the data with me. As long as defining the master data goes, I think it was the sales team with the involvement of accounting and operation departments, since they also had a say as to what customer attributes they will require for their business functions.
Abhay V Kshirsagar says
Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
For any organization it is critical that they have an effective master data management tool to ensure that the information in the master data is the single source of truth to power its business processes. I think most companies use the available MDM (Master Data Management) tools, which use a process called a record linkage process to identify records from different sources. These sources represent real world entities. The solutions provided by MDM tools are source identification, data collection, data transformation (data being converted into a format for MDM processing and vice versa), data consolidation, error detection, etc.
To ensure that the set integration works well, the organizations may also have data policies in place that define the above mentioned components to ensure data accuracy throughout the master data. Organizations can also have data stewards to make sure the content of the data and metadata elements is healthy.
Source: http://www.dataintegration.info/master-data-management
Mansi Paun says
Great insight, Abhay. You’re right in saying that most companies use one of the Master Data Management softwares to integrate and make Master data available to different processes and parts in an organization. MDM enables organizations to consolidate the critical Master data to one Master file. It also provides well streamlined data sharing and data-processing within different processes and functions in an Organization.
Wenlin Zhou says
Great, I agree with you. Correct and reliable master data constitute the basis for all business processes. Discrepancies in payment terms, customer addresses or dangerous goods information can lead to significant delays in business processes (e.g. settlement of invoices, incorrect deliveries, etc.), or even lead to entire consignments of goods not reaching their destination. This not only harbors a huge financial risk for companies, but also increases the danger of making wrong business decisions on account of inconsistent data. Integration into the SAP ERP system accelerates the maintenance process, leads to a vast improvement in the quality of your master data and ensures the observance of legal requirements, for instance by reusing the checks already available in the ERP system.
Yu Ming Keung says
Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
I would think that FB01 (post document) or any manual journal posting transaction are the most sensitive transaction and it would need more focus and secured in general. This function is to enable the SAP users to post document. It should generally need an extra focus in an SAT audit. If this transaction is abused, it can impact the accounting view, fraud is easy to happen because this transaction is taken care manually and then affect the transactions cause serious financial difficulties for the business.
Source:
http://www.winshuttle.com/blog/sensitive-transaction-codes-sap-year-end-audit/
Priya Prasad Pataskar says
That is a good point Yu Ming.
The transactions which have lot of controls of getting access to, would be the important ones. There might not be one correct answer and would depend on the business characteristics and situation of the business and the time of the year. A list of sensitive transactions is relative to your role and responsibilities.
FB01 definitely is critical, in the wrong hands they can be abused and impact the way your accounting controls are viewed.
FS01 , FS02 to create and update master data are another critical ones.
Companies would also categorize those transactions as sensitive which were a problem area in previous audits.
Yu Ming Keung says
Well put Priya, I agree that FS01 and FS02 are another critical area to pay more attention during an audit. Since the person can create fake transactions in this functions, and it would need more controls such as segregation of duties to mitigate the risk. It is important to ensure the transactions is approved and all input data is correct.
Abhay V Kshirsagar says
Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
Considering the respective risks that inaccurate data and excessive repeated data carry, I think inaccurate data carries more risk for an organization compared to data that is redundant. An organization is still powered by the redundant data (maybe not efficiently) but if the data is inaccurate, it can be of no value for the organization.
It can have financial impacts, like missed opportunities, increased penalties (compliance risk) and other fines. It can also have productivity impacts like increase in processing time or inferior or below expectations end-product quality. Eventually, organizations can lose confidence in the data for forecasting, management decisions and reporting purposes.
Yulun Song says
That is Correct, Ab. Inaccurate data may allow top managers make bad and wrong decisions or delayed decisions. and also, it is wasting money and time to check it again and again and companies will lost many opportunities to make better decisions.
Deepali Kochhar says
overall in a way it harms the data integrity and hinders one of the three goals of information security i.e. confidentiality, availability and integrity. This in a way explains that their is lack of information security policies and procedures in an organization.
Yu Ming Keung says
Can’t agree more Abhay, compared to inaccuracies of data, redundancy of data is not that harmful in a business perspective because it just takes up more space in the database. It may take longer time to rearrange the database but doesn’t hurt the business. Deeplali also brought up a good point that Inaccurate data can affect the confidentiality, integrity and availability of data in a way to hurt the business.
Abhay V Kshirsagar says
Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
I think in every organization there high-risk/sensitive activities (transaction codes) and defining them is very important component of authorization-related project because of the impact they can have on that organization if they are misused.
I think one of the most important transaction code that needs to be constantly audited are the ones that allow users to create, modify or delete general ledger (GL) accounts. Every activity under this should have a business justification for it. There are risks like financial irregularities and misstatements with this transaction. These are usually restricted and authorization is granted on the basis of a very few particular business needs.
Ming Hu says
Nice point Abhay, take role-based authorization for example, it is a dynamic process based on employee overturn, specific requirements, or job change, so constantly audit is necessary for ensuring corresponding changes have been made, otherwise, the privilege may be misused and sensitive data may be stolen. E.g. SU03 Maintain Authorizations; Su20 Authorization Object Fields; Su24 Maintain Assignment of Authorization Objects.
Seunghyun (Daniel) Min says
Q1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
A single ERP system contains a variety of business processes. For that reason, master data should be integrated into a standard/comparable format. I think that is how an organization can assure those master data integration works well for all business entities. So what I meant by a standard format is that, for instance, if an organization complies with entering a data with an ‘MM/DD/YYYY’ format, all departments in that organization should follow that format. In addition, when connecting each data into various tables, those data should be gone through data normalization. It will help a refinement process after the initial exercise of identifying the data objects that should be in the relational database, identifying their relationships and defining the tables required and the columns within each table.
Seunghyun (Daniel) Min says
Q2. Which department or person should play the key role in defining master data and assuring its quality?
In my opinion, the financial department should be the key entity that defines master data and assure its quality as well. I made this assumption based on what the financial department role during the SAP, or ERP in general, processes. When a purchase invoice or financial transaction needs to be processed, the financial department plays an authorizing/overseeing role of those deals. They also make sure if those deals were made in a proper/corrective manner.
Wenlin Zhou says
I agree with you. Finance architecture is often complex due to multiple systems. Each system has got a dedicated repository. Therefore, it’s difficult to share data across a wide range of financial applications. Financial master data needs to be quickly and easily adapted to business changes at the fast pace of business. Financial MDM is essential not only for minor modifications in day to day business, when creating a new cost center or modifying an existing attribute for a legal entity, but also when making major changes such as mergers, acquisitions, reorganizations or regulatory changes.
Seunghyun (Daniel) Min says
Q3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
Between those two risks, inaccurate data or excessive repetitive data, I weight more on inaccurate data to be more of a risk to a company. In terms of implementing a control perspective, it is possible to prevent repetitive data from occurring by setting up a control at the stage of entering data. For example, when I was working for a grocery store, one of my works was receiving invoices and entering each invoice number into the system. If I entered the same invoice number, I would get an error message that the invoice number had been processed. However, it is very hard to prevent inaccurate data to be entered from happening since human error is always to be a concern. Going back to my grocery job example, I could enter inaccurate invoice numbers into the system, but it will accept them unless those were repetitive data. And it happened to me once. I mistakenly entered wrong invoice number into the system, and I got a phone call from HQ next week that I needed to re-enter the wrong invoice number. Because of my inaccurate data, my company was delayed to pay their vendor, and it took us to take extra steps to correct the original data.
Yulun Song says
Daniel, I like the example you made that related to your previous work. Entering inaccurate will influence a chain of work. I don’t think top managers check each invoice numbers cuz he/she may think it is wasting time and also, that is a heavy work to do because a medium sized grocery store may have more than 200 invoice numbers per day. so we have to care about the first step, to make sure the number is correctly entered. and if there are too many inaccurate data, top managers are not easy to make decisions and also, it is costly to do extra checks and wasting time.
Seunghyun (Daniel) Min says
Q4, Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
I believe a payment transaction should be considered as the most ‘Sensitive.’ Since that transaction is one that directly deals with payment, money, it needs to be treated very carefully. There must be segregation of duties placed to prevent any fraud from happening, and more authorization should oversee the transactions thoroughly.
Yulun Song says
Daniel, you are correct. Money related things are always sensitive to all kinds of entities including companies, any sized organizations or even in a family. so people should deal with money related fields very carefully. and segregation of duties must be applies to prevent any fraud and errors.
Vu Do says
Daniel, payment transaction is very important and is the most Sensitive since it is how the organization received money. Everything has to be done correctly or else the company does not received money. It is the most looked upon for fraud since someone can change the information and have the money inserted towards their bank account or a different method. Segregation of duties must be set up like you said to prevent fraud from occurring and minimize this risk. There must be extra focus here to make sure that everything is being done correctly and nothing unusual is taken place. d correctly.
Yulun Song says
1. Master data in an ERP system is highly integrated with various processes and affects many parts of the organization. How does an organization assure this integration works well for all?
In an organization, master data is very important for operational and analytical business decision-making. Based on the importance of master data, i think an organization should establish a master data governance team and operating model for that. This governance should be composed of representatives from each area of the business and be vested with the authority to define and approve policies governing the master data lifecycle to ensure data quality and usability, oversee the process workflows that touch master data, define and manage business rules for master data, inspect and monitor compliance with defined master data policies, and notify individuals when data errors or process faults are putting the quality or usability of the data at risk.
http://www.slideshare.net/roches/5-best-practices-for-sap-master-data-governance
Yulun Song says
2. Which department or person should play the key role in defining master data and assuring it’s quality?
I think financial department plays the key role in defining master data and assuring its quality. Master data includes customers, products, employees, materials, suppliers, vendors, sales, documents, and aggregated sales, etc. Financial master data management could empower financial business user, ensure business hierarchies and related links consistency, link local needs to corporate standard and consolidate all lines of business, analytics master data across heterogeneous environments,.
Vu Do says
Yulun, financial department does play an important role to the overall company indeed, they are responsible for entering in sensitive information about customers and employees. If anything is entered wrong, then it could cause issue so they must be well equip to entering in the correct information to the right place. So they play a huge role in assuring the quality of the master data and set up the tempo for the rest of the company by having the right information in place that will make the company function. The information they enter will assure that employees are getting paid correctly and customer information are entered correctly.
Yulun Song says
3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
I think inaccurate data is more of a risk to a company. If a company sends inaccurate and wrong data to the wrong persons, it can have detrimental effects on the company. In addition, inaccurate data is more costly and wasting money. Many companies claimed that duplicate accounts, lost contacts and missed sales opportunities due to inaccurate data. On the other hand, companies may make bad or delayed decisions based on the inaccurate data, because people will not feel confident in the data and not confident to make decision.
http://www.arcplan.com/en/blog/2012/05/poor-data-quality-part-i-the-consequences/
Abhay V Kshirsagar says
Yulun,
I thought that inaccurate data was riskier too. To add to the redundant data part for comparison, the risks under redundant data are organizations incurring more cost for storing data, etc. these risks are still in no comparison with the risks associated with inaccurate data. Imagine sending packages to wrong addresses due to corrupt data and then those costs pilling up.
Paul Linkchorst says
Hi Abhay and Yulun,
To add to this conversation, I the two major risks that I could think of in terms of excessive data would be that it can cause an inaccuracy in the data due to replication or cause a failure in the database itself. With that being said, I would much rather have duplicates of data then the wrong data. Data storage is inexpensive nowadays and is only looking to becoming more affordable. I would much rather shell out thousands of dollars for storage space than potentially losing a client or customer due to inaccurate data. Likewise, I think most upper management would agree that they would be willing to spend more money if it means that they receive accurate data, even if it means having multiple copies of the same data.
Deepali Kochhar says
Q3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
In my point of view inaccurate data is of more risk to a company as this directly harm the integrity of data. The prime motive of information security team is to manage and maintain data confidentiality, integrity and availability because every organization understands that managing these three aspects is very important to run the business successfully.
Data inaccuracy creates failure to manage the integrity of the data and hence one of the three objectives fails. Inaccurate data may be the result of carelessness, lack of information, misinterpreting data or dishonest employees.
For example, if the incomes and expenses are recorded inaccurately, it will distort the ability to track income and expenses as well as to budget accurately. Miscalculating profit is detrimental whether the number is too low or too high. If profit is reported too low, it will result in the company being undervalued. If profit is reported too high, the consequence will be high tax liability.
Mansi Paun says
Rightly pointed out, Deepali. Inaccurate data straightaway hits the infrastructure systems objective of Integrity.
Further to what you mentioned, I’d like to add that most Business decisions are a refined outcome of data therefore, if the data itself is inaccurate, we can be certain that the business decisions that follow using that data would be poorly formed decisions. For instance, in reality, company A has higher sales of shoes in the New York region and higher sales of Clothing items in Philadelphia. If the system data is inaccurate the Inventory management might not realize that there is a higher demand of shoes in NY and higher demand of clothes in Philadelphia and they might not be able to supply the goods accordingly. This could potentially translate to poor sales in both locations as NY is unprepared to handle the sales volume of shoes and Philadelphia is insufficiently stocked to handle sales of clothes.
Fred Zajac says
1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
The Master Data is Centrally Stored and integrated with various processes within an organization. In order to reduce storage size on the network, or data redundancy the Master Data is shared and copied for each function. Controls should be put into place to assure the integration works well (Available, Accurate, & Private).
The customer, material, and vendor data plays a pivotal role in operating the business. The correct set-up, installation, field mapping, data accessibility, user policies, and data incremental / differential storage are a few management techniques.
Here is a great link by Microsoft explaining why you should manage master data
https://msdn.microsoft.com/en-us/library/bb190163.aspx
Fred Zajac says
2. Which department or person should play the key role in defining master data and assuring it’s quality?
In my opinion, I believe the IT department / CIO should oversee defining master data and its quality. The integrity of Master Data is very important. If one thing is out of place with the mapping, it could affect the entire system. To ensure proper installation, configuration, and protection, the IT / CIO should oversee the quality of the database. Now, I understand business decisions are directly impacted on the way data is handled, and think it is not just a technical thing, but also an overall business thing.
Binu Anna Eapen says
Master data is the basic data required to record the business transactions. Most important master data in SAP is general ledgers and sub-ledgers. General ledgers can be general ledger accounts, cost centers, profit centers. Sub-ledgers include specific master data like customer master data, asset master data, vendor master data, HR master data, material master data. I think that these data are managed by the respective teams and over all stored in the ERP database. For example, asset master data the asset team will be responsible for any changes or modification done to it. CIO overall is responsible for the security of any form of data in the firm but I do not think he handles the master data. Business stakeholders should define the vision for implementing a master data management solution within their organization. IT professionals should define the master data management problems for the organizations and engage business to recognize the IT role.
Fred Zajac says
3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
I believe inaccurate data is more of a business risk to the company, but excessive data is more of a security risk for the company.
Inaccurate data will place problems throughout the company. Will slow things down, mess things up, and just cause problems that will directly impact the business. Not being able to order raw materials, accept those materials, pay for those materials, put those materials into processing, sell the item, ship the item, receive payment for the item is affected by inaccurate data.
Excessive data is expensive, because storage, although has come down in price, is still an expense. Running multiple systems also increase the number of ways to make mistakes entering and access the data. If security is effective on the server with vendor information, but vulnerable on the server with sales information, how good is the integrity of the data?
Both pose huge risks to a company and should be viewed as a high level risk.
Fred Zajac says
4. Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
The most Sensitive transaction would be the payment process. This includes access to the businesses most “liquid” assets. The payment includes information highly sensitive to the financial aspect of an organization.
Therefore, Segregation of Duties is required at the financial level. Imagine if the same person could change how payments are received and in charge of making journal entries. They could have the payment from a customer sent to another account, and adjust the accounts receivables entry to reflect payment
Yu Ming Keung says
Good post Fred,
If the payment process is handled by the wrong hand, companies may not be able to receive the correct payment because the transaction information is well sealed by the person. Segregation of duties is definitely an important control. I think the big transaction would need to be approved and need special care by upper management.
Paul Linkchorst says
1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
The point of master data is that it is a list of data which is shared among or used by several applications across different business functions. This data however needs to be formatted and designed in a particular way to ensure that the data remains consistent and accurate across the various applications. Upon doing some research, one of the ways that data management personnel can find out if the integration works well is by utilizing what is known as data stewards. These data stewards are members of the business function who understand the data and how that data converges into master data. This role works since it allows the data steward to work with the data management personnel and making the data in a format that works the best with the end users. While there might be instances where certain Master Data formats might not work, it seems that if the data warehouse becomes the “recipient of mastered data, not the master controller of it”, then integration likely has a higher chance of success. By including the end users as well as performing several other best practices, it can help with the acceptance of the integration among multiple business areas.
Mansi Paun says
Very informative, Paul. After reading your answer, I did a bit of research on Data stewards and found that data stewards play a significant role identifying what data needs to be collected, from where and possibly how it can be done more efficiently. He or She can crafts use policies so that excessive unnecessary data can be limited. From technology perspective, while companies can have MDM software to integrate and make the data available, from personnel point, it would be the data steward who ensures that the MDM tools/system is configured as per the organization’s needs and best interests.
Mansi Paun says
3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
3. I personally find that inaccurate data is a bigger risk to a company than excessive repetitive data. This is because inaccurate data would go completely against most of the company’s objectives. Inaccurate data would mean a huge negative impact in every sense. It defeats the very purpose of creating, collecting and analyzing data if the data itself is incorrect. Take for instance, customer data which includes the customer order information, address or shipping information etc. If the shipping address itself is inaccurate, no matter how timely your service is or how great your product is, your company is not going to be able to provide the goods or service to the customer which will eventually affect the business. Similarly, some of the ways in which inaccurate data would impact the company can be listed as :
-Inability to sell your product or service to customers
-Inability to provide customer support
-Poor decision making due to inaccuracy in reports
-Losing sight of problem areas in the business
-Wasted time and effort or employee productivity
-Wrong forecasting
-Increased expenditure in fixing problems caused to inaccurate data
On the other hand, excessive repetitive data, despite having a significant impact of employee productivity, might still be tolerable as compared to inaccurate data. Infact, employees who use this data would often come up with a work-around or a solution of some kind to circumvent excessive repetitive data. Whereas for inaccurate data, one might not even know that the data is incorrect which would prevent them from trying to get the correct data.
Binu Anna Eapen says
Well said Mansi. Nice points about the impact of inaccurate data. Incorrect data or excessive repetitive data has a negative effect on the clients loyalty. But by having the right tools and checks when entering the data in the database, we can prevent duplicates and the negative consequences they have. Where as incorrect or inaccurate data can have a bigger impact and result in higher consumption of resources, higher maintenance cost, lower customer satisfaction rate, dissatisfied sales and distribution channels, negative publicity on social media, misinformed or under-informed decisions, invalid reports, loss of client, lower productivity, loss of revenue. Both of these- inaccurate and excessive repetitive are hugely undesirable and every effort is made so that this doesn’t occur or minimize it.
Wen Ting Lu says
2. Which department or person should play the key role in defining master data and assuring its quality?
The quality of the data is very important because missing, incorrect or inconsistent master data will leads to processes with errors and standard analyses containing unreliable information. I believe the finance/ accounting department should play the key role in defining master data and assuring its quality. All the processes are involved with monetary transactions no matter it is material, vendor or customer’s master record. Finance/accounting personals should be responsible to make sure all the data such as client information, pricing, purchase date, purchase quantity and amount are correctly entered. Also they must reconcile the bank statement with the order receipts.
Source:
14.2 Analysis of Master Data Quality
Abhay V Kshirsagar says
Wen Ting,
Do you think that for a master data like customer master data, the sales department should be the one responsible for maintaining the client information? I mean, they are the ones who are at the “front end” of the organization building relationships with the clients and gathering customer information first hand.
Wen Ting Lu says
Hi, Abhay
I agree with you that sales department are the first people that building the relationships with the clients to gather customer’s information. However, I believe the sales department’s main focus should be marketing the product and attracting the customers to purchase the products, Therefore, I believe finance/ accounting department should play the key role in defining master data and assuring its quality because they obtain customer’s confidential information such as banking information. Also, it depends on the size of the organization, sometimes a company might only have one or two employees, and they must work in multiple positions.
Jianhui Chen says
Which department or person should play the key role in defining master data and assuring it’s quality?
Firstly we should know what is the master data. Master data is the core data that is essential to operations in a specific business or business unit. Master data may be about: customers, products, employees, materials, suppliers, and vendors, and it may also cover: sales, documents and aggregated sales. It is the primary focus of the Information Technology discipline of Master Data Management (MDM).
In my opinion, IT department should play the key role to ensure the data’s integrity and availability, and financial and marketing departments should make sure the data correct.
Jianhui Chen says
Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
I think inaccurate data is more of risk to a company because accurate data would not only mislead decison makers but also come up with compliance problems.
Accurate is important for decision making for the future. the inaccurate would misleading the decision makers. The wrong decision would cause wrong budgets, which may leads the company go bankrupt. The law require the organization should provide accurate information or face the severe penalty, for example, SOX require top management must individually certify the accuracy of financial information. On the other hand, the repetitive data is much easier to control as many tools can filter it.
Vu Do says
1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
Master data holds the most important part of information for data users and with it, lots of employees use it to work with everyday. The organization must ensure that there are measures in place to protect the data from being access by anyone. The person accessing the data must not have access to use the data for projects. For instance, the person entering the information or providing the information to the master data must not have access to use the data since they may change it up to the number or information they want. Master data should also be check often to make sure all the information is up to data so that users get the latest information when working with the data. The master data must be easy accessible for users to gather the information they need when working on projects that require the information. This ensures everything is user friendly and is working properly.
Wen Ting Lu says
I agree with you that in order to assure that everything is working properly segregation of duties is very important. I like how you point out that the person entering the data should not be the same person who has the access to use the data. It can be tempted to commit fraud if the person who has both access to entering and using the data. As you mentioned, he or she can easily change up the data as the way wanted. Controls should be implemented to assure the integration of master data into business process work well for all. In addition to segregation of duties, preset authorization levels is also significant, we must make sure to only grant the access to the employee who is responsible for that specific task.
Wen Ting Lu says
Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
By doing some research online, I believe that transactions like FS00 (G/L Account Creation) that enable users to create, modify or delete GL accounts should have extra focus in SAT audit. These transactions should generally be restricted, and grant authorization access only for specific business needs. In addition, we should secure transaction FB01 (Post Document) or any manual journal posting transaction like FB50, F-02 etc . All these transaction codes can be affected and make negative impact on the business. Therefore, we should have extra focus in an SAT audit on these transactions that can be create and updated; we need to make sure the access are granted appropriately to the employees.
Source:
http://www.winshuttle.com/blog/sensitive-transaction-codes-sap-year-end-audit/
Tiesha Christian says
Wen Ting Lu – If these transactions should be restricted since they are considered privileged rights. What are some ways the business can ensure that the access is appropriate for these tranasactions/ functions? I would probably recommentd having controls in place to catch such potential issues.
Wen Ting Lu says
Hi, Tiesha
Please feel free to add in the lists below for the controls that you think should be implemented.
Some ways the business can ensure that the access is appropriate for these transactions:
1. Set clear information security policies and procedures in an organization.
2. Implement segregation of duties.
3. Have multiple layers of protection.
4. Only grant the access to people who are responsible for that specific task.
Vu Do says
3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
Inaccurate data is more of a risk for a company since the information is wrong and could affect projects that are using that information. If this happens then it will cause more problems for the company and have a negative effect if information about this goes public. For example reporting inaccurate data on numbers for shareholders will have a negative impact and cause more harm for the company. This could ruined the reputation of the company.
Excessive data just takes up storage space for the company and could be expensive if the data is house within hard drives. But those information especially being digitize can be deleted and clear up. So that would not cause any risk for the company.
Wen Ting Lu says
Hi, Vu
some other impacts I can think of when data is not entered accurately can be when the amount of inventory is entered incorrect, and the inventory on hand is not enough to meet the demand of the customer needs. In this case, the company not only losing the opportunity to make profit, but also make the customers unhappy and they might find an alternative because they didn’t get what they wanted. In addition, for example when expenses or revenue is not accurately, then it will affect the shareholder and investors make decisions on whether or not they should continue investing the company, and make valuable suggestion to help the company growth.
Wenlin Zhou says
Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
Definition of Master Data Management is “a set of disciplines and processes for ensuring the accuracy, completeness, timeliness and consistency of the most important types (or domains) of reference data in the enterprise – across different applications, systems and databases, and across multiple business processes, functional areas, organizations, geographies and channels.”
Bottom line — some companies can use an ERP system as their cross-functional, enterprise-wide “single system”, and others have such a heterogenous IT environment that they require a dedicated MDM platform.
When an organization views data as an enterprise asset, it establishes an executive-level data governance committee that oversees data stewardship across the organization. Data governance exerts control over multiple business initiatives and technology implementations, to unify these through consistent data definitions and gain greater reuse for IT projects and business efforts.
https://hubdesignsmagazine.com/2007/10/06/master-data-management-vs-erp/
Fangzhou Hou says
1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
The master data is valuable information assets for an organization, usually it includes the core data list below like business partner master data; Item base data; Employee base data; and finance master data. To ensure the integration works well for all, the effective master data management (MDM) is required. The MDM is not a one-time affair of data take on for a short term business, the data quality for master data also needs to be persistent in a long term business.
The solutions of enhancing the master data management include source identification, data collection, data transformation, normalization, rule administration, error detection and correction, data consolidation, data storage, data distribution, data classification and many others. An effective MDM can help the enterprise to combine all the core data to a master file and provides a common point of reference.
Fangzhou Hou says
2. Which department or person should play the key role in defining master data and assuring it’s quality?
To defining master data and assuring it’s quality, the Program Manager and Project Leader, Organization Change Agent, Business Analyst and Data Analyst would be involved. The Program Manager and Project Leader are responsible for overseeing the business intelligence program or individual projects, and for managing day-to-day activities based on the scope, budget, and schedule constraints. These people set the tone with respect to data quality and interact with the business representatives to establish the data quality requirements.
The Organization Change Manager helps the organization understand the value and impact of the business intelligence environment, and helps the organization address the issues that arise. Often, data quality issues are unearthed during the business intelligence projects, and the organization change agent can play an instrumental role in helping the organization understand the importance of dealing with the issues.
The business analyst conveys the business requirements, and these include detailed data quality requirements. The data analyst reflects these requirements in the data model and in the requirements for the data acquisition and delivery processes. Together, they ensure that the quality requirements are defined, reflected in the design, and conveyed to the development team.
Source: http://www2.sas.com/proceedings/sugi29/098-29.pdf
Jaspreet K. Badesha says
1. Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
Master data is an integral part of the ERP system and is the foundation to most processes. Therefore, there need to be controls in place that allow accurate data to be inputted. For example, if someone is entering a phone number the field should be formatted for phone numbers and only allow numbers. Another control that should be implemented is the segregation of duties; the same person should not be allowed to complete an entire task on their own, making multiple people input information will ensure that each person will review the information and validate it before completing their portion. This will properly enforce a segregation of duties.
Jaspreet K. Badesha says
3. Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
Inaccurate data is more of a risk than excessive repetitive data. Repetitive data as long as its accurate can be cleaned up easily. However, if data is inaccurate is will be building a wrong record and adding to the incorrect record throughout the entire process. Bills will be sent to the wrong place, sales or shipping will be placed to the wrong place.
Tiesha Christian says
Jaspreet – I agree with your thought. Data entry is critical to a company and can cause big problems. If there are clerical errors thata are made in one department for example. It can affect how another department reports its data, This can cause a domino effect an the data integrity throughout the company with one clerical error.
Wenlin Zhou says
Which transaction do you believe is the most ‘Sensitive’ and therefore should have extra focus in an SAT (Sensitive Access to Transaction) audit? Explain
Defining high-risk (sensitive) activities and specific transactions that are deemed “sensitive” is an essential part of every auditor’s role and every authorization-related project, because this could have a significant impact on the company, if misused.
Several vendors including SAP provide ways to identify, assess and manage these transactions. This process can also of course be supervised by your auditors, IT or internal IT security team, or a third party consulting group.
A list of sensitive transactions for Finance could run several dozen transaction codes depending on your role and responsibilities, but the sensitivity of particular transaction codes also varies depending on the time of year and the characteristics of your business.
Finance master record maintenance transactions can be problematic, and transactions like FS00 (G/L Account Creation) for finance teams are challenging because if they aren’t controlled strictly, there’s a risk of duplication or the creation of dummy GL accounts. Not only can this cause confusion, but it can also cause misallocations and potentially fraud.
Tiesha Christian says
2. Which department or person should play the key role in defining master data and assuring it’s quality?
The person who should play a key role in defining master data within a company, and assuring its quality. Would have to be someone on the CEO or CIO. Often times it is overlooked at how critical these types of roles are. When the CEO or CIO are responsible for these task or delegating to the appropriate people. It assures that the data is restricted to the appropriate people. If log’s from change mangerment are also kept, segregation of dutites can be tested, and enforced.
Victoria A. Johnson says
I agree with your point Tiesha and I believe that this task could be passed along to accounting personnel. Master records typically involve material, customer and vendor master records which essentially all deal with the monies and finance transactions that come in and out of the business. Accounting personnel should be responsible for the quality of this data.
Victoria
Yu Ming Keung says
Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
ERP is the business process software that allows an organization to use a system of integrated application by managing different modules such as finance, procurement, human resources, order to cash. ERP systems carries. The master tables are referenced frequently all across the system and databases, and shared by different applications, functional areas and sites. Data incorporated thereon need to be accurate, complete, timely and consistent.
An organization can assure the integration of the ERP system by performing the followings:
1. Clear cut process and procedure for maintenance of master data.
2. Ownership of data is properly defined.
3. In built workflow and authorization for adding and modifying data.
4. Documentation of the process.
5. Audit trails of master tables are activated and modifications are logged in the system.
6. Proper excel templates or data mapping with legacy system, for initial collection of data.
Source:
http://www.managementstudyguide.com/master-data-management-erp-system.htm
Paul M. Dooley says
Master data in an ERP system is highly integrated with various processes and effects many parts of the organization. How does an organization assure this integration works well for all?
Master data is critical for use in ERP systems, To ensure the integrity of the data there must be strict controls in place for those responsible for inputting the data. For example, if someone needs to input Tax ID numbers for their client base, they would need to ensure that only numerical inputs would be accepted. Also, there must be SOD implemented along with the input controls. The ERP system is critical to the operations of the business.
Paul M. Dooley says
Which department or person should play the key role in defining master data and assuring it’s quality?
The accounting group should play the key role in defining master data and it’s quality and should roll all the way up to the top of that organization, CFO, for accountability purposes due to its critical nature. Also, they can ensure that segregation of duties is rolled out as responsibilities are funneled down stream. Ultimately the responsibility should sit at the top.
Paul M. Dooley says
Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
In accurate data is definitely more of a risk than excessive repetitive data. The accuracy and integrity of data is essential to the workflows that require that data to be accurate, i.e. accounts billable, accounts receivable, etc. Excessive data is more of an inconvenience and can prove costly for storage and efficiency but inaccurate data can create more dire consequences.
Victoria A. Johnson says
Which is more of a risk to a company: inaccurate data or excessive repetitive data? Explain
Inaccurate data is more a risk to a company than repetitive data. One risk associated with inaccurate data is inventory entered erroneously thus causing the inventory in stock to be less than the demand for customer needs. Because of this, the company is at a disadvantage to lose profit and lose customers. Excessive repetitive data can be inconvenient and costly but inaccurate data can negatively impact a company in any given situation.